Data protection at the IOF

The EU’s new data protection regulations, the General Data Protection Regulation (GDPR), come into effect on the 25th of May 2018. The new regulations set higher standards on personal data protection and the IOF manages several information systems and databases containing personal data. The work on setting the appropriate privacy protection has been done in several steps:

GDPR training and information collection– What is it and what does it mean for IOF?

Make an inventory of databases and systems, defining critical, essential and standard personal information that is managed

Prioritize improvements and create on a work list

Implement the actions on the work list

The process of adapting to the new regulations will continue during the remainder of 2018, to secure that the personal data we manage is for a purpose, and to remove unnecessary data (restrict access; de-personalise or delete). The definitions of personal data and data of public interest are also defined and managing the definition of data will be a continuous process. The table below shows the largest and most important information-systems where the IOF handle personal data and the processes we are working with to improve them. If you have any questions about data privacy and data protection, please contact david.wastlund@orienteering.org or the dedicated contact route for the system/data of interest. Some of the listed improvements have already been made, others are planned. If you find areas of improvement, please contact us.

IOF Eventor

Together with the service provider, the Swedish Orienteering Federation, we have identified several areas of improvements:

define what information (use and purpose) that may be shared between IOF and other organisations (IT systems) through data share protocols (API). Define and write contracts of shared information between (IOF) IOF Eventor and other IT systems.

World Ranking System

remove display of full date-of-birth

define data retrieval contract between Eventor and WRS

IOF LIVE Orienteering

better information on how personal data will be used

open channels for removal of personal data

define data retrieval contract between Eventor and LIVE Orienteering

World Orienteering Day website

open channels for removal of personal data

better information on how personal data will be used

Orienteering.org

develop personal data management statement in “Working within the IOF”-document.

how to find the balance between easy sharing of information within modern cloud-based information management systems vs more traditional ‘inhouse’ managed and closed systems in a global arena

how to manage that appropriate data privacy standards are followed by the IOF Office; IOF Council and Commissions; IOF Event Advisers and Contractors; IOF System administrators and data management service providers